How (and Why) to Protect Your Site Against Hotlinking

Posted on December 18, 2024 | Updated on December 18, 2024

You worked hard to create a website your target audience enjoys visiting. You kept your images optimized and stayed away from heavy bandwidth items to stay on budget. Suddenly, you get a notice from your web hosting provider that you are close to going over your fairly hefty bandwidth allowance. Your site traffic doesn’t reflect the change. Could you be a victim of hotlinking?

Hotlinking is when someone embeds an image from your site, pulling it up from your server rather than saving and placing it on their own servers. Some people don’t realize the impact of hotlinking and do so innocently. Others do it intentionally to save their own bandwidth. 

For example, one website promoted authors and suddenly found they were using more bandwidth. After some investigation, they realized a particular image was being pulled up over and over to a mailing list server. One of the authors didn’t understand the impact of hotlinking and was directly embedding the images in their newsletter, using up the site’s bandwidth. The fix was a simple explanation of the etiquette of using images. 

Why Should You Protect Your Site Against Hotlinking?

On the surface, hotlinking might not seem to be a huge issue. Most website owners have plenty of bandwidth and won’t notice the difference. However, when it happens repeatedly, it can create havoc in a number of ways. 

Violating Copyright Laws

You may have unique images or designs that you don’t want other people to use without your permission. When people hotlink, they can embed your images on their site and take advantage of your digital assets.

Using Your Bandwidth

This one bears repeating, because if several websites use your bandwidth, you could run out and have to pay more to get through the month. Overage fees can become quite expensive, depending upon your hosting plan and how your provider handles the situation.

Throttled Performance

Every server has limited resources. Each time someone visits the offending site hotlinking to your content, your site visitors could experience slower load times and even errors where the server times out. 

Damage to Your Brand

Another thing to consider with hotlinking is that any type of site can pull your content into theirs. Let’s say you sell a product for preschoolers and a porn site grabs some of your images. The fallout could be catastrophic to your business model. You must take steps to stop the digital theft in its tracks and protect your image and content. 

You may be able to take legal action against people stealing your copyrighted works or using your trademark. 

How to Stop Hotlinking in Its Tracks

To prevent hotlinking, you have to complete a number of steps that are both practical and technical in nature. If you’re unsure of any of the actions, you may want to pay a cybersecurity expert to lock down your digital assets and prevent future hotlinking attempts. 

Step 1: Contact the Offender

As mentioned before, some people don’t realize they shouldn’t be hotlinking in the first place. If they are new to website hosting or just inexperienced in how bandwidth works, they may think copying and pasting an image on their site is similar to sharing a post on social media.

Send an email and politely explain what hotlinking is and how they are pulling on your bandwidth. If the error was an honest mistake, they’ll apologize and rectify the situation. Even if they do respond and stop the hotlinking, you’ll want to move forward with the other steps to ensure it doesn’t happen again with another person.

Step 2: Use .htaccess Rules

Many servers today run on Apache, so you may be able to make a simple change to your .htaccess file to stop hotlinking immediately. Open or download your .htaccess file on your server and add the following code: 

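RewriteEngine on

# Let requests with no Referer header through (direct visits, some privacy tools)
RewriteCond %{HTTP_REFERER} !^$

# Let requests from your own pages through; (/|$) ends the match at the host name
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com(/|$) [NC]

# Every other referer asking for an image gets 403 Forbidden
RewriteRule \.(jpg|jpeg|png|gif)$ - [F,NC,L]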

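Put your domain name in the section that reads: yourdomain.com. The first condition lets requests with no Referer header through, so visitors whose browsers or privacy tools strip the header still see your images. Some hosts have a setting in the control panel that allows you to block hotlinking. It essentially writes the above code for you so you don’t have to insert it manually.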
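To see which sites the rule would block before turning it on, the following added example (not from the original article) totals the image bytes served per external referring host from an Apache combined-format access log. It uses the same three-way split as the rule: empty Referer, your own domain, everything else. The log lines are constructed samples, and yourdomain.com is the article's placeholder.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Assumption: the article's placeholder domain; replace with your own hosts.
OWN_HOSTS = {"yourdomain.com", "www.yourdomain.com"}
IMAGE_RE = re.compile(r"\.(jpg|jpeg|png|gif)$", re.IGNORECASE)
# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)"'
)

def hotlink_report(lines):
    """Return Counter {(referer_host, image_path): bytes} for hotlinked images."""
    totals = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a GET/HEAD line in combined format
        path = m["path"].split("?", 1)[0]  # the rule matches the path only
        if not IMAGE_RE.search(path):
            continue
        referer = m["referer"]
        if referer in ("", "-"):
            continue  # empty Referer: allowed by the first RewriteCond
        host = (urlparse(referer).hostname or "").lower()
        if host in OWN_HOSTS:
            continue  # exact host match, so lookalike hosts are not treated as yours
        totals[(host, path)] += 0 if m["bytes"] == "-" else int(m["bytes"])
    return totals

# Constructed sample log lines (documentation IP ranges and example domains).
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Dec/2024:10:00:01 +0000] "GET /img/cover.jpg HTTP/1.1" 200 48211 "https://news.example.net/issue-12" "Mozilla/5.0"',
    '203.0.113.8 - - [18/Dec/2024:10:00:02 +0000] "GET /img/cover.jpg HTTP/1.1" 200 48211 "https://news.example.net/issue-12" "Mozilla/5.0"',
    '198.51.100.4 - - [18/Dec/2024:10:00:03 +0000] "GET /img/cover.jpg HTTP/1.1" 200 48211 "https://www.yourdomain.com/authors" "Mozilla/5.0"',
    '198.51.100.5 - - [18/Dec/2024:10:00:04 +0000] "GET /img/logo.PNG HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [18/Dec/2024:10:00:05 +0000] "GET /img/cover.jpg HTTP/1.1" 200 48211 "https://yourdomain.com.example.org/page" "Mozilla/5.0"',
    '192.0.2.10 - - [18/Dec/2024:10:00:06 +0000] "GET /about.html HTTP/1.1" 200 5120 "https://news.example.net/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for (host, path), sent in hotlink_report(SAMPLE_LOG).most_common():
        print(f"{sent:>10} bytes  {host}  {path}")
```

The hosts at the top of the output are the ones worth contacting in Step 1, and the paths beside them are the files the rule would start refusing.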

Step 3: Enable a Content Delivery Network (CDN)

Another option is to deliver your content through a CDN. This can speed up your site, reduce the strain on your servers and prevent hotlinking problems. Services such as AWS CloudFront and Cloudflare have built-in hotlink protection. They will automatically block any unauthorized requests from outside servers.

Step 4: Move Popular Files

If you notice a particular image is being hotlinked to a lot, you should change the name of the file. You can also move it to a different server or try deleting it altogether. Some people say they change the image being linked to and place a notice that the image is hosted on your site instead.

If someone has grabbed your image and embedded it, anyone who visits their site will see the notice. Be cautious, though, as you can bring unwanted heat from hackers and other bad players. It is usually best to take the high road and simply move the files. 

You can also add code to your .htaccess file that sends hotlinked requests to a set image telling people the image is hosted on your site, which redirects traffic your way. However, consider the nature of the offending site. If they are your competitor, you might want their site visitors to come your way. On the other hand, if it is an inappropriate site, you might want them to stay far away. Tweak your code like this to direct the hotlinked image to a different one:

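RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com(/|$) [NC]

# Skip the replacement image itself, otherwise the redirect loops
RewriteCond %{REQUEST_URI} !/custom-image\.jpg$ [NC]

RewriteRule \.(jpg|jpeg|png|gif)$ http://www.yourdomain.com/custom-image.jpg [R,NC,L]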

Again, replace yourdomain with your website domain, and point the custom image link at the image you want the embed to pull.

Step 5: Install a Plugin

If your site runs on a content management system such as WordPress, you can install a plugin that prevents people from copying your files or their location. However, people on various forums do advise using hotlinking prevention and other steps with caution, as they could unintentionally impact your site performance for relevant visitors.

Step 6: Watermark Your Images

Another thing you can try to ensure people are less likely to steal your bandwidth is placing a watermark on every image that shows where it came from. A simple website link or logo placed on top of the visual works wonders. Just make sure it is in a location where it can’t be easily cropped out. 

Is Hotlinking a Problem or Not?

It depends on the situation whether hotlinking is an issue for your site. If you find you are running out of bandwidth or experiencing slow load times, you may want to take action. On the other hand, if the offending sites aren’t detrimental to your image and you still have plenty of bandwidth and speed, it might be more effort than it’s worth to bother with it. 

There is also the principle of the matter, where people shouldn’t steal your resources and you may want to stop them from doing so. The decision is yours, but knowing how to stop hotlinking is a good tool to have in your developer skills list. 

About The Author

Eleanor Hecks is the Editor-in-Chief of Designerly Magazine, an online publication dedicated to providing in-depth content from the design and marketing industries. When she's not designing or writing code, you can find her exploring the outdoors with her husband and dog in their RV, burning calories at a local Zumba class, or curled up with a good book with her cats Gem and Cali.

You can find more of Eleanor's work at www.eleanorhecks.com.
